Whoever opened iFood on November 2nd found the names of several establishments changed to political phrases such as “Lula Ladrão” and “Bolsonaro 2022”. Because of the episode, Rio de Janeiro’s Procon fined the platform R$1.5 million.

Although iFood reported that the changes were made by an employee of a service provider to the platform and that there was no leakage of customer data, the agency asked for more details about the case. Answers were not given, according to Procon.

What did iFood fail to respond?

Procon said in a statement that, during the inspection of the incident, it found that iFood shares data with third-party companies, including documents, addresses and consumer payment data. Therefore, asked the platform to detail what personal information is stored and shared with third parties.

Procon also asked iFood to inform which establishments were affected, for how long the names were changed, what was the deadline for correcting the system, how many purchases were made during improper access and what is the identification of the service provider that caused the problem, in addition to explaining what its attributions are in managing the platform.

Due to the lack of return, Procon Carioca applied the exact fine of R$ 1,508,240.00. wanted by Tilt, iFood did not respond to the contact attempt until the publication of this text.

remember the case

According to the delivery platform, the change of names of partner establishments took place in 6% of the total number of restaurants registered in the system.

The IFood app was hacked in several cities across the country and some establishments had their names changed to: “Bolsonaro 2022”, “Vacina kills”, “Lula Ladrão”, and other names in support of Bolsonaro and insults to other political figures. pic.twitter.com/3AtoUMgI4T — Electoral Center (@CentralEleicoes) November 3, 2021

Man, it seems they hacked iFood… There are a lot of restaurants with names like “LULA LADRÃO”, “VACINA MATA”, etc. Holiday enjoyment from someone on the iFood security team just ended pic.twitter.com/PYDoG6hSiw — Pedro Fracassi (@plfracassi_) November 3, 2021

The changes took place on purpose, the company said in a statement, “through the account of an employee of a service provider company who was allowed to adjust registration information of restaurants on the platform, and who did so improperly.”

After the case was detected, this access was blocked and the names of the restaurants started to be re-established on the same day.

About the credit card registered on the platform, the company guarantees that “customers’ payment methods are secure”. iFood has stated that it does not store any user financial data on its platform.

“The payment method data are not stored in the iFood databases, they are only recorded on the users’ own devices, with no credit card data being compromised,” explained the company.

There was also “no evidence of leakage of the personal database of customers or deliverymen registered on the platform”.

*With an article by Abinoan Santiago